package com.example.shiro;

import com.example.pojo.User;
import com.example.service.ShiroJwtService;
import com.example.utils.JwtUtil;
import io.jsonwebtoken.Claims;
import java.util.Date;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class MyRealm extends AuthorizingRealm {

	@Autowired
	private ShiroJwtService shiroJwtService;

	// 限定这个realm只能处理JwtToken（不加的话会报错）
	@Override
	public boolean supports(AuthenticationToken token) {
		return token instanceof JwtToken;
	}

	// 授权
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

		System.out.println("执行了--doGetAuthorizationInfo授权");

		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

		String username = JwtUtil.parseJwt(null, principalCollection.getPrimaryPrincipal().toString()).toString();

		// 根据登录名获取登用户信息
		if (!StringUtils.isEmpty(username)) {

			User user = shiroJwtService.queryByName(username);
			// 设置角色权限
			info.addRole(user.getPerms());

			// info.addRole("vip");
			// 设置权限
			// info.addStringPermission("user:vip");
		}

		return info;
	}


	// 认证
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {

		System.out.println("执行了--doGetAuthenticationInfo认证" + auth.toString());

		// 获取token
		String principal = (String) auth.getCredentials();
		System.out.println(principal);
		String username = JwtUtil.parseJwt(null, principal).get("username").toString();
		System.out.println(username);

		if (StringUtils.isEmpty(username)) {
			throw new AuthenticationException("token错误!");
		}

		// 根据用户名，查询数据库获取到正确的用户信息
		User user = shiroJwtService.queryByName(username);
		if (user == null) {
			throw new AuthenticationException("用户不存在!");
		}

		try {
			Claims claims = JwtUtil.parseJwt(null, principal);
			Date expiraDate = claims.getExpiration();
			int comparedTo = expiraDate.compareTo(new Date());
			String password = claims.get("password").toString();

			if (!password.equals(user.getPwd())) {
				throw new AuthenticationException("密码不正确!");
			} else if (comparedTo < 0){
				throw new AuthenticationException("token已过期!");
			}
			return new SimpleAuthenticationInfo(principal, principal, getName());
		} catch (Exception e) {
			throw new AuthenticationException("token认证失败!");
		}
	}
}
